CVE-2026-53095

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix abuse of kprobe write ctx via freplace

uprobe programs are allowed to modify struct pt regs.

Since the actual program type of uprobe is KPROBE, it can be abused to modify struct pt regs via kprobe+freplace when the kprobe attaches to kernel functions.

For example,

SEC("?kprobe") int kprobe(struct pt regs *regs) { return 0; }

SEC("?freplace") int freplace kprobe(struct pt regs *regs) { regs->di = 0; return 0; }

freplace kprobe prog will attach to kprobe prog. kprobe prog will attach to a kernel function.

Without this patch, when the kernel function runs, its first arg will always be set as 0 via the freplace kprobe prog.

To fix the abuse of kprobe write ctx=true via kprobe+freplace, disallow attaching freplace programs on kprobe programs with different kprobe write ctx values.